Section outline

  • Lesson Overview: This lesson teaches students what happens after an attacker breaches a system: how the attacker moves laterally through the network and establishes persistence to maintain access. The focus is on recognizing these behaviors so that defenders (even young aspiring defenders!) know what to look for and what to fix first, whether they are preparing for an incident or cleaning up after one. The tone stresses that in the age of fast-moving malware and AI-driven attacks, understanding post-compromise tactics is key to outsmarting them. The lesson is framed from the defender’s perspective: find and fix the weak points that allow movement and persistence, and thereby contain the damage.

    • Micro-Topic 17.1: After the Breach – Attackers Don’t Stop at One System

      (Goal: Introduce the concept of lateral movement in simple terms)

    • Micro-Topic 17.2: Persistence – How Attackers Stay In

      (Goal: Explain what persistence is and give examples of persistence mechanisms)

    • Micro-Topic 17.3: Defender’s Response – Detecting and Stopping Lateral Movement & Persistence

      (Goal: Teach how defenders can catch and remediate these post-compromise activities)